Product Security
For Safe Use of MFPs and Printers in Network Environments
Using IT products and information systems poses problems such as unauthorized access, virus infection and information leakage which cause incidents involving damages and accidents. To prevent such problems, security measures of MFPs and printers became more important. To help mitigate these security threats, we would like to inform you on how to use our products safely. In addition, please refer to the following documents for more information on the security technologies included in our products and services.
Konica Minolta Security Technical Support Paper
The paper shows the basic security functions provided by Konica Minolta MFPs and printers.
Appendix
- Synchronize user authentication and print (ID & Print)
- Encrypt communication between the networks (SSL/TLS Protocols)
- Reinforce security when sending emails (SMTP Authentication/ POP before SMTP Authentication)
- Overwrite image data on the HDD (Automatic job data deletion function)
For more information on security initiatives for our product and service , please refer to Enhancing the Security of Products and Services.
Network environments for installing MFPs
To reduce the risk of information leakage and unauthorized use due to unauthorized access from outside, please use MFPs and printers in a network protected by a firewall. Your Konica Minolta products cannot be directly connected to public wireless LAN or other communication lines of telecommunication carriers such as fixed or mobile telecom operators and internet service provider. Please be sure to set Private IP address and connect via a router when connecting your Konica Minolta products to the internet.
How to set the security functions for safe use of MFPs
If you are unsure whether your Konica Minolta MFP is protected by a firewall even after checking with your system administrator, please configure the following settings to prevent unauthorized access from the internet.
Setting a Storage (HDD) Lock Password (data protection against storage theft) | Protect saved data by locking the storage using a password. To lock the storage with the password, enter a lock password (using 20 single-byte characters, case sensitive). Please be sure to keep the password you have entered carefully so that you do not forget it. Should the password be lost, it takes a major recovery work to restore it. If a password is already set, you can change or cancel it. bizhub-I series machines protect data by self-encryption. *For setup instructions, please refer to the User's Guide for your model. |
---|---|
Changing the Password of the Machine Administrator (administrator screen block) | In order to use MFPs more safely, please change the administrator password of the machine. By changing the administrator password, you can prevent attacks, such as setting changes, by a malicious third party. Please set up address change permissions as well. |
Limiting Access by IP Addresses (prevention of access from those other than the specified PCs) | You can protect the MFP from unauthorized access from the external network (viewing job history and accessing the parent box) by restricting accessible IP addresses as well as changing the machine administrator password. Also we recommend you configure encryption settings to use SSL encrypted communication between the MFP and the PC. |
MFP Authentication Setting (limiting access privilege to authenticated users) | By setting up MFP authentication, authentication information of users registered with the machine can be managed internally by the machine. MFP authentication enables more secure operation by restricting machine use only to authenticated users. However, you need to enter your user ID on the control panel or use an IC card to use the machine. For details of operations, please contact our sales representative. |
Copy guard security pattern function: Preventing confidential documents from being leaked by secondary copy of copied paper. | Password encryption and digital ID encryption: Protecting delivered documents against information leakage, forgery and unauthorized modification. A PDF file can be protected by password encryption when sending it. An encrypted PDF file can be decoded only with an authorized user's secret key, providing a higher level security than conventional public key encryption. |
Konica Minolta MFPs also offer the following functions
Status of support for the above functions including optional functions vary depending on product models.
For details, please contact our sales representative.
Procedures for security settings
In case of using Private IP addresses
If Groval IP address is set to MFP, An unspecified number of people on internet can access to it from outside. As the results, risks for leaking infomation go high. On the other hand, if Private IP address is set to MFP, only users on local networds such as intranet LAN can access MFPs.
Konicaminolta strongly recommends to set Private IP address to MFPs.
For Private addreses, the following ranges can be used:
*The ranges for Private IP addresses
10.0.0.0 ~ 10.255.255.255
172.16.0.0 ~ 172.31.255.255
192.168.0.0 ~ 192.168.255.255
How to configure security settings
1. About Web Connection
Web Connection is a built-in utility software product for management use.
By using a Web browser on your computer, you can simply confirm the status of this machine and configure various machine settings.
Although character input such as for address entry and making network settings is a difficult process using the touch panel, it can be carried out easily if you use the computer.
Enter the IP address of the machine in the URL field, then press [Enter] key.
Ex. If IP address of MFP is "192.168.1.20", please enter "http://192.168.1.20".
IP address of MFP can be confirmed on MFP itself.
Please tap "MFP Information Display" in "Setting Menu".
In the IPv6 environment, enclose the IPv6 address in brackets [ ].
For example, when the IPv6 address of this machine is "fe80::220:6bff:fe10:2f16", type "http://[fe80::220:6bff:fe10:2f16]/".
2. Changing the administrator password
You can change the administrator password of this machine from Web Connection.
SSL between Personal Computer and Web Connection is required to communicate for displaying "Administrator Password Setting".
1. Select [Security] - [Administrator Password Setting] in administrator mode of Web Connection (or in [Utility] - [Administrator] of this machine), and enter a new administrator password (using up to 64 characters, excluding ").
2. Click [OK].
The administrator password is changed.
*If you have forgotten the current Administrator Password, only Service Engineer can set new Administrator Password.
For that case, please contact your service representative.
3. IP Address Filtering
Personal Computer can be limited to access MFP by using IP Address. This function is called "IP dress Filtering".
Access from Web Connection to MFP can be limited by IP address.
1. In administrator mode, please set the range of IP address in [Network] - [TCP/IP Setting] - [IP address Filtering].
4. Prohibit to change the registered Addresses
It is possible to prohibit to change the registered Addresses for non-administrators via Web Connection.
1. In Administrator mode, please set [Registering and Changing Addresses] to [Restrict] in [Security] - [Restrict User Access].
2. Click "OK", then changing of the registered Addresses is prohibited.
5. Encryption by SSL between MFP and Personal Computer
Communication between this machine and the computer can be encrypted with SSL to enhance security.
A certificate for this machine is used for the SSL communication between the machine and the computer. As a certificate was registered on this machine upon shipment, you can only enable SSL/TLS on the machine to start the SSL encrypted communication immediately after setup.
1. In Administrator mode, please select "Admin. Mode" or "Admin. Mode and User mode" in [Security] - [PKI settings] - [Enable SSL Version]
6. Introducing User Authentication *In case that higher management is required
Users of the MFP can be restricted by the authentication function (MFP authentication). Authentication information of users are managed internally by the MFP. When employing the MFP authentication, please configure basic settings for the user authentication and register users.
1. In Administrator mode, please select [on (MFP)] in [User Authentication] in [User Auth/Account Track] - [Authentication method].
2. In Administrator mode, please enter required settings in [User Registration] after selecting [New Registration] in [User Auth/Account Track] - [User Authentication Setting].
7. Assign User Box Password
To restrict usage of the User Box with the password, set this setting on.
[User Box Password]: Enter the User Box password (using up to 64 characters, excluding double quotation marks ").
1. Please specify the target one in [User Box list] in [Box], and select [Edit].
Check [User Box Password is changed] and enter password.
If password is not set, it is not necessary to enter [Current Password].
2. Click [OK].